Vulnerability CVE-2024-37286
Published: 2024-08-03

Description:
APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for a specific document, since the ES response line contains the document body, and that APM server logs the ES response line on error, the document is effectively logged.

 References:
https://discuss.elastic.co/t/apm-server-8-14-0-security-update-esa-2024-19/364289
Copyright 2026, cxsecurity.com

 

Back to Top